
Protect confidentiality

The two key principles at stake when proposing to use personal data for research purposes are (1) promotion of the public interest and (2) protection of the privacy and other interests of citizens. Where these coincide, for example when using anonymised data, then the principles align. Where, however, this cannot happen, tensions between the principles can arise. You as a researcher must be able to identify when your proposed data use could raise confidentiality concerns and be able to recognise where the public benefit in your research project is outweighed by these concerns.

Essentially, you must ensure that the data you request access to does not infringe on confidentiality in a way that is disproportionate to the public benefit of your research project. This means that you may have to use anonymised data or, where this is not possible, the minimum amount of personal data necessary to achieve your research aims.

Why does confidentiality matter?

Confidentiality is an essential requirement for the preservation of trust in the medical profession, as it is pivotal in upholding respect for privacy, autonomy and the right of self-determination. As such, confidentiality is subject to legal safeguards, in particular through the common law action of breach of confidence.

Confidentiality is both a private and a public interest. It is private in the sense that private individuals have an interest in keeping certain personal information confidential, and it is public in the sense that there is also a general public interest in protecting confidentiality in circumstances where a reasonable person might expect information to be held in confidence.

If confidentiality is breached there can be serious consequences for the individuals concerned. Not only could they be caused distress or embarrassment by the revelation of personal information about them, but they may also suffer detrimental consequences in an employment or social context. You as a researcher should therefore ensure that, where possible, you do not use confidential information in your research project and, if you do, that the confidential information is kept secure.

Please see the guidance page on confidentiality for more information.

Using anonymous data

Anonymous data has the obvious advantage of not being identifiable and therefore not being confidential information. This means that the information can generally be used more freely and it will not be subject to the legal safeguards which operate to protect identifiable personal information. However, good practice dictates that there should still be safeguards in place to prevent the inappropriate use of even anonymous information.

However, it is recognised that it will not always be appropriate to use anonymised information, as some research projects will require richer datasets, the richness of which would be lost by the anonymisation process. If this is the case you will either need to obtain consent from the individual to use their personal data, or you will need to obtain authorisation from the relevant authorising body for the use of the data. In order to obtain such authorisation you will need to be able to demonstrate that the public interest in your research project outweighs any concerns over confidentiality, and that you have taken steps to ensure that any confidential information is kept secure.

Please see the guidance page on anonymisation for more information.

Balancing confidentiality and research benefits

In order to determine whether identifiable information may be disclosed without the consent of an individual, we must determine whether it serves the interests of the public to disclose or not to disclose. It is important to keep in mind that research is also in the public interest. Thus, this determination involves the balancing of two public interests: the public interest in maintaining confidentiality and the public interest in disclosing information to further medical research.

The decision as to what is in the public interest must be made on a case-by-case basis, by taking into consideration the specific qualities and risks of the proposed research project. As such, it is not possible to provide definitive guidance on which way the balance should be struck (however, remember that provided the necessary safeguards are met, the public interest in advancing research is strongly appreciated). Generally you must consider:

  • The nature and sensitivity of the information to be disclosed,
  • The use to be made of the information,
  • The context in which the information was generated,
  • The reasonable expectations of the individual whose information it is,
  • Any harm which could be caused to the individual or others,
  • The purpose of the request for information,
  • The number of people to have access to the information,
  • The confidentiality and security arrangements in place to protect the information from further disclosure,
  • The advice of a Caldicott Guardian or similar expert advisor who is not directly connected with the use for which the disclosure is being considered,
  • The advice of a Research Ethics Committee,
  • The advice of the Privacy Advisory Committee,
  • The potential for harm or distress to patients,
  • The importance of the information to be obtained from the research output.

If, after considering these factors, it is decided that the information should be disclosed, the disclosing body must only disclose the minimum of information necessary to achieve the objective of the research project.

How SHIP can help you protect data

There are three principal ways in which SHIP processes can support you in protecting the confidentiality of the data you wish to use in your research:

  1. Providing you with training through the SHIP Distance Learning Module, which will equip you to adhere to optimal information governance standards.
  2. SHIP’s Research Coordinator can advise you on the potential risks to confidentiality posed by your research proposal and on ways to mitigate these risks.
  3. SHIP offers the opportunity to access data through a safe haven, which means that you and your organisation do not have to be responsible for ensuring the safe transit or storage of the data. SHIP safe havens provide a data indexing and linkage service to anonymise or partially anonymise the data. This means that you will only be able to access data at the level of person-identifiability needed for your particular project.

SHIP Guiding Principles and Best Practice 

SHIP Guiding Principles and Best Practices reflect the values which underpin the SHIP project. They are designed to act as a guide for all those involved in SHIP and data sharing. You as a researcher or data custodian should be aware of these guiding principles and best practices as they provide useful guidance as to the standards of information governance promoted and expected by SHIP.


  • Data controllers should demonstrate their commitment to privacy protection through the development and implementation of appropriate and transparent policies.
  • Every effort should be made to consider and minimise risks of identification (or re-identification) to data subjects and their families arising from all aspects of data handling.

Best Practice

  • Organisations involved in data sharing and use should have a designated officer responsible for addressing privacy matters. This might be the Data Controller or Caldicott Guardian or someone delegated to act on their behalf.
  • Assessing privacy risks is an integral component of a data controller’s responsibilities and should form a central part of their privacy policy. This process should include the identification of confidentiality, security and privacy risks of any data handling including linkages, storage and access considerations.
  • It is acknowledged that at times data controllers may not be able to fully assess privacy risks, especially prior to linkages; however, they should still carry out an assessment that identifies potential risks based on the information they do have.
  • Potential data recipients should also assess the impact on privacy prior to submitting data access requests and they should highlight any identified risks in order to discuss these with the data controller.
  • Appropriate disclosure control should be applied to all outputs; this should be carried out under the authority and oversight of the designated privacy officer.
